The AP Confidence Gap: Why Most Teams Aren’t as Prepared as They Think

Most accounts payable (AP)The amount a company owes to suppliers for goods and services received but not yet paid. leaders would say their organizations take fraud seriously.

They’ve implemented approval workflows. They’ve added multi-factor authentication (MFA). They may even have bank account verification or sanctions screening in place.

On paper, the controls look solid.

And yet, recent research tells a different, and more troubling, story.

According to new findings from Edenred PayEdenred Pay is the market leader in B2B payments automation., 79 percent of AP leaders say they are only “somewhat confident” in their ability to detect and prevent fraud, despite the fact that more than one in three organizations experienced attempted or successful payment fraud in the past year.

That disconnect is what we call the AP confidence gap, and it’s one of the most important risks facing finance organizations heading into 2026.

This gap doesn’t come from negligence or inattention. In most cases, it comes from relying on controls and processes that were designed for a very different risk environment than the one AP teams operate today.

Confidence Isn’t the Same as Readiness

There’s a subtle but critical distinction between having controls in place and being truly prepared.

Many AP teams equate compliance with readiness:

• “We require dual approvals.”
• “We’ve implemented MFA.”
• “We verify bank accounts.”
• “We’ve never had a major incident.”

But fraud doesn’t exploit policy gaps. It exploits process gaps, timing gaps, and visibility gaps.

In today’s environment, fraud is:

• Faster
• More targeted
• More automated
• More convincing

Bad actors are no longer sending obviously suspicious emails riddled with typos. They are impersonating real vendors, cloning legitimate domains, referencing accurate invoice details, and timing their attacks to coincide with month-end pressure or staff transitions.

Against that backdrop, being “somewhat confident” is not reassurance.  It’s a warning sign.

Why Fraud Risk Is Rising Faster Than AP Defenses

The research highlights a hard truth: AP has become one of the most attractive attack surfaces in the enterprise. Why?

Because AP sits at the intersection of:

• Money movement
• Vendor data
• Human judgment
• Process complexity

Fraudsters know that AP teams are under pressure to keep payments moving. They know exceptions are common. They know that hybrid work has reduced informal verification and hallway conversations. And they know that manual steps introduce opportunities for fraud.

The study found that 84 percent of organizations still require manual intervention on 10–25 percent of invoices, with another 10 percent needing even more hands-on work. Every manual touchpoint is a moment where judgment replaces automation and where social engineering thrives.

Add rising invoice volumes, staff turnover, and fragmented systems, and it becomes clear why fraud attempts are increasing even as controls proliferate.

The False Comfort of Traditional Controls

One of the most revealing findings in the research is not just which controls organizations have adopted but how little confidence those controls inspire.

Most respondents reported using:

• Bank account verification
• MFA
• Dual approval workflows
• Sanctions or OFAC screening

These are important safeguards. But they are necessary, not sufficient.

Traditional controls tend to be:

• Static (they check once, not continuously)
• Rule-based (they don’t adapt to new patterns)
• Siloed (they don’t share context across systems)

Fraud, on the other hand, is dynamic. It evolves based on what works. When one tactic is blocked, another emerges.

This mismatch explains why so many AP leaders feel uneasy despite investments in security. They sense, correctly, that their defenses are not keeping pace with the threat.

Why “Somewhat Confident” Is a Dangerous Place to Be

In risk management, uncertainty is often more dangerous than ignorance.

Teams that believe they are “mostly fine” may:

• Delay modernization efforts
• Deprioritize additional controls
• Assume existing processes will catch issues
• Rely on post-payment detection instead of prevention

But the research shows that organizations that have experienced fraud often believed they were prepared, until they weren’t.

The confidence gap becomes especially risky when combined with:

• Manual exception handling
• Disconnected ERP and AP systems
• Limited real-time visibility into payment changes
• Overreliance on human review

In this environment, a single convincing vendor impersonation can slip through, even in well-intentioned, well-staffed teams.

AP’s Expanding Role in Risk and Governance

Another key insight from the research is how AP’s role is changing. AP is no longer just responsible for processing invoices accurately and on time.

It is increasingly expected to:

• Protect the organization from payment fraud
• Enforce compliance and audit controls
• Safeguard vendor data
• Support cash visibility and forecasting

In other words, AP is becoming a risk function, whether it has been formally recognized as one or not.

This shift raises an important question: Are AP processes designed for transactional efficiency or for risk resilience?

For many organizations, the answer is still the former.

Why Integration Gaps Worsen the Confidence Problem

The study also identified integration challenges as the single biggest barrier to AP automation and improvement.

This matters deeply for fraud prevention.

When systems don’t communicate seamlessly:

• Vendor updates may not sync in real time
• Payment changes may not trigger alerts
• Audit trails may be incomplete or delayed
• AI and analytics tools lack full context

Fragmented environments force AP teams to rely on manual reconciliationThe process of matching financial records—such as payments and invoices—to ensure accuracy in accounting and reporting. and cross-checking. These are precisely the conditions fraud exploits. Confidence drops not because teams aren’t trying, but because they know their visibility is incomplete.

Closing the AP Confidence Gap

The solution to the confidence gap is not more effort, it’s better design.

Leading AP organizations are moving toward:

• Continuous bank account verification, not one-time checks
• Artificial intelligence (AI)-driven anomaly detection that flags unusual behavior in real time
• Integrated invoice-to-pay platforms like Edenred Pay’s that reduce handoffs and blind spots
• Fewer manual exceptions, not faster manual handling
• Preventive controls, not post-payment cleanup

These teams aren’t chasing perfection. They’re reducing exposure.

They understand that confidence should come from resilience, not reassurance.

What AP Leaders Should Ask Themselves Now

To assess whether your organization is truly prepared, or just hoping it is, ask:

• How many invoice and payment steps still rely on manual judgment?
• How quickly would we detect a fraudulent bank change request?
• Are our controls adaptive or static?
• Do our systems share context or operate in silos?
• Would we know immediately if something went wrong?

If those answers feel uncertain, you’re not alone. Most AP leaders are asking the same questions.

The difference is what happens next.

From Confidence to Capability

The Edenred PayEdenred Pay is the market leader in B2B payments automation. and WBR Insights research makes one thing clear: AP leaders understand the risks, but many are still catching up to the reality of modern fraud.

Closing the confidence gap requires more than awareness. It requires:

• Rethinking how controls work together.  Controls must operate as an integrated system, sharing context across invoices, vendors, approvals, and payments, rather than as isolated checkpoints that fraudsters can work around.

• Reducing manual exposure.  Every manual touchpoint increases risk, so leading AP teams are focused on eliminating exceptions at the source instead of relying on people to catch problems after the fact.

• Leveraging automation and intelligence strategically.  Invoice-to-pay automation and AI deliver the greatest impact when they are applied to high-risk, high-volume workflows, using real-time intelligence to surface anomalies before payments are released.

• Treating fraud prevention as an ongoing capability, not a checklist.  Fraud defenses must continuously adapt to new tactics and behaviors, evolving alongside threats rather than remaining static once compliance requirements are met.

As AP continues its evolution from back-office function to strategic asset, confidence must be earned, not assumed.

Because in today’s environment, being “somewhat confident” simply isn’t enough.